
I've been using HTTPS-only mode on Firefox for many months now. The place where I see HTTP links most often is email tracking links. I'm commonly automatically upgraded to HTTPS and it works, but very often there is no HTTPS support at all. Even for sensitive things like password resets that have secret tokens in the URL.


A few sites I run into once in a while have the following bad setup, which HTTPS-only flags (because it's actually unsafe) but looks normal to most people:

1. http://www.example.com/ exists and redirects to http://example.com/

2. http://example.com/ also exists and redirects to https://example.com/

3a. https://example.com/ works fine but

3b. https://www.example.com/ does not exist

4. External links go to http://www.example.com/stuff/goes/here

You will also see the mirror image mistake (www.example.com is canonical, but the redirects go from example.com only on HTTP) at similar rates.

This is all because Tim chose not to rely on SRV records to make his toy hypermedia system work and decades later we're still paying for this mistake (among others).
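The redirect setup listed in the comment above can be checked mechanically. The following is an added example, not code from any commenter: it models each origin's redirect as a constructed table and reports why an HTTPS-only browser flags the site. The `FIXED` table is an assumed corrected layout in which every HTTP origin redirects to its own HTTPS origin first.

```python
from urllib.parse import urlsplit

# Constructed tables: origin -> redirect target origin (None = serves content).
# An origin missing from the table has no listener at all.
BROKEN = {  # the setup from the comment (steps 1, 2, 3a; 3b is absent)
    "http://www.example.com": "http://example.com",
    "http://example.com": "https://example.com",
    "https://example.com": None,
}
FIXED = {   # assumed corrected layout, not taken from the thread
    "http://www.example.com": "https://www.example.com",
    "https://www.example.com": "https://example.com",
    "http://example.com": "https://example.com",
    "https://example.com": None,
}

def origin(url):
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}"

def to_https(url):
    """URL an HTTPS-only browser tries in place of an http:// link."""
    return urlsplit(url)._replace(scheme="https").geturl()

def follow(url, site, limit=10):
    """Walk redirects, keeping the path. Returns (chain, reachable)."""
    chain = []
    while url is not None and len(chain) < limit:
        o = origin(url)
        if o not in site:
            return chain, False          # nothing answers on this origin
        chain.append(url)
        target = site[o]
        url = None if target is None else target + url[len(o):]
    return chain, True

def audit(entry, site):
    """Findings for an external http:// link pointing at `entry`."""
    findings = []
    chain, ok = follow(entry, site)
    if len(chain) > 1 and chain[1].startswith("http://"):
        findings.append("http-to-http-redirect")   # second hop still plaintext
    if not follow(to_https(entry), site)[1]:
        findings.append("https-upgrade-fails")     # step 3b: no HTTPS on this host
    if not ok or not chain or not chain[-1].startswith("https://"):
        findings.append("never-reaches-https")
    return findings

if __name__ == "__main__":
    link = "http://www.example.com/stuff/goes/here"
    print("broken:", audit(link, BROKEN))
    print("fixed: ", audit(link, FIXED))
```

The mirror-image mistake mentioned in the same comment produces the same two findings when the `www` and bare hosts are swapped in the table.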



